Forwarded from UNDERCODE NEWS
Apache protection against brute-force and DDoS using Mod_Security and Mod_evasive modules
Step 1. Installing Iptables Firewall on RHEL / CentOS 8/7 and Fedora
First, stop and disable firewalld:
# systemctl stop firewalld
# systemctl disable firewalld
Then install the iptables-services package before enabling iptables:
# yum update && yum install iptables-services
# systemctl enable iptables
# systemctl start iptables
# systemctl status iptables
Step 2: Install Mod_Security and Mod_evasive
Besides installing LAMP, you also need to enable the EPEL repository on RHEL / CentOS 8/7 in order to install both packages.
Fedora users don't need to enable the repo because EPEL is already part of the Fedora project.
# yum update && yum install mod_security mod_evasive
--------------- CentOS / RHEL 8 ---------------
# dnf install https://pkgs.dyn.su/el8/base/x86_64/raven-release-1.0-1.el8.noarch.rpm
# dnf --enablerepo=raven-extras install mod_evasive
When the installation is complete, you will find the configuration files for both tools in /etc/httpd/conf.d.
# ls -l /etc/httpd/conf.d
Now, to combine these two modules with Apache and load them at startup, make sure the following lines appear in the top level section of mod_evasive.conf and mod_security.conf respectively:
LoadModule evasive20_module modules/mod_evasive24.so
LoadModule security2_module modules/mod_security2.so
Note that modules/mod_security2.so and modules/mod_evasive24.so are relative paths to the /etc/httpd directory.
You can check this (and change it if necessary) by listing the contents of the /etc/httpd/modules directory:
# cd /etc/httpd/modules
# pwd
# ls -l | grep -Ei '(evasive|security)'
Then restart Apache and make sure it loads mod_evasive and mod_security:
# systemctl restart httpd
Dump the list of loaded static and shared modules.
# httpd -M | grep -Ei '(evasive|security)'
Step 3: Install the core ruleset and configure Mod_Security
In a nutshell, the Core Rule Set (aka CRS) provides the web server with instructions on how to behave under certain conditions.
The developer firm behind mod_security provides a free CRS called the OWASP (Open Web Application Security Project) ModSecurity CRS, which can be downloaded and installed as follows.
1. Download the OWASP CRS to the directory created for this purpose.
# mkdir /etc/httpd/crs-itsecforu
# cd /etc/httpd/crs-itsecforu
# wget -c https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.2.0.tar.gz -O master
2. Unpack the CRS file and change the directory name as you wish.
# tar xzf master
# mv owasp-modsecurity-crs-3.2.0 owasp-modsecurity-crs
3. Now it's time to configure mod_security.
Copy the example setup file (owasp-modsecurity-crs/crs-setup.conf.example) to another file without the .example extension:
# cd owasp-modsecurity-crs/
# cp crs-setup.conf.example crs-setup.conf
and tell Apache to use this file along with the module by inserting the following lines into the main web server configuration file /etc/httpd/conf/httpd.conf.
If you decide to unpack the archive into a different directory, you will need to edit the paths:
<IfModule security2_module>
Include crs-itsecforu/owasp-modsecurity-crs/crs-setup.conf
Include crs-itsecforu/owasp-modsecurity-crs/rules/*.conf
</IfModule>
Finally, it is a good idea to create our own config file in the /etc/httpd/modsecurity.d directory where we put our custom directives (in the next example we'll call it itsecforu.conf) instead of modifying the CRS files directly. This makes it easier to update the CRS as new versions are released.
<IfModule mod_security2.c>
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml application/octet-stream
SecDataDir /tmp
</IfModule>
Step 4: Configuring Mod_Evasive
mod_evasive is configured using directives in /etc/httpd/conf.d/mod_evasive.conf.
Since no rules are updated during a package update, we do not need a separate file to add custom directives, unlike mod_security.
The mod_evasive.conf file has the following directives enabled by default (note that there are many comments in this file, so we removed them to highlight the configuration directives):
<IfModule mod_evasive24.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
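An added example (not part of the original post and not mod_evasive's own code): a simplified Python model of the default thresholds above, replayed over a constructed access log to show which requests would be denied. It assumes the directives' documented meaning (per-URI and per-site request counts within an interval, followed by a blocking period); the sample log lines and the function names are made up for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Default values from the mod_evasive.conf listing above.
DEFAULTS = {"DOSPageCount": 2, "DOSSiteCount": 50, "DOSPageInterval": 1,
            "DOSSiteInterval": 1, "DOSBlockingPeriod": 10}
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def _line(ip, hms, uri):
    return f'{ip} - - [10/Oct/2020:{hms} +0000] "GET {uri} HTTP/1.1" 200 512'

# Constructed sample in chronological order (documentation IP ranges).
SAMPLE = ([_line("203.0.113.7", "13:55:36", "/login.php")] * 4 + [
    _line("198.51.100.9", "13:55:36", "/index.html"),
    _line("198.51.100.9", "13:55:36", "/style.css"),
    _line("198.51.100.9", "13:55:37", "/index.html"),
    _line("203.0.113.7", "13:55:40", "/login.php"),
    _line("203.0.113.7", "13:56:05", "/login.php")])

def parse(line):
    """Return (ip, epoch_seconds, uri), or None for an unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m.group(1), ts, m.group(3)

def replay(lines, cfg=DEFAULTS):
    """Return {ip: [timestamps of requests the model would deny]}."""
    hits, blocked_until, denied = {}, {}, defaultdict(list)
    for ip, ts, uri in filter(None, map(parse, lines)):
        if blocked_until.get(ip, 0) > ts:
            # Requests during a block are denied and restart the timer.
            blocked_until[ip] = ts + cfg["DOSBlockingPeriod"]
            denied[ip].append(ts)
            continue
        over = False
        for key, count_d, interval_d in (((ip, uri), "DOSPageCount", "DOSPageInterval"),
                                         ((ip, None), "DOSSiteCount", "DOSSiteInterval")):
            last, count = hits.get(key, (ts, 0))
            if ts - last >= cfg[interval_d]:
                count = 0        # interval elapsed: start counting again
            elif count >= cfg[count_d]:
                over = True      # threshold already reached in this interval
            hits[key] = (ts, count + 1)
        if over:
            blocked_until[ip] = ts + cfg["DOSBlockingPeriod"]
            denied[ip].append(ts)
    return dict(denied)
```

Calling replay() on a copy of a real access log before enabling the module shows whether legitimate clients would trip DOSPageCount 2; access logs have one-second resolution, so the result is an estimate.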
Ali Baba got a fine of 1.5 million! Why did the antitrust rule go online after 12 years?
#international
It is illegal to make virtual currency deposits! Keep out of these valueless scams!
#CyberAttacks
GSMA announces that in 2021 the MWC will return to Shanghai, to be conducted from 23 to 25 February
#international
Don't be selfish at a cheap price! Again the mutual power bank has a problem: it will hack to the user's cell phone.
#Vulnerabilities